The number of vulnerabilities found in Android’s Stagefright just grew, and this time devices from as far back as Android 1.0 are vulnerable to attack. This first vulnerability, affecting almost every Android device, is in “libutils” — and that’s just one of the vulnerabilities recently discovered by Zimperium. Another vulnerability was found in libstagefright that makes Android devices running software versions later than 5.0 vulnerable as well… expand full story
stagefright Stories October 1, 2015
stagefright Stories September 14, 2015
Sony Xperia Z1, Z Ultra, and Z1 Compact now getting Android 5.1.1 Lollipop
If you’re still using one of Sony’s Xperia Z1 handsets from 2013, this little tidbit is for you. Apparently, Xperia Z1, Z Ultra, and Z1 Compact handset are getting updated to Android 5.1.1 in some countries (via XperiaBlog). Alongside some really neat updates like richer Xperia themes, several Camera improvements, and new SmartWatch 3 functionality, the update also fixes the vulnerabilities in Stagefright…
Along with the above changes, this update to Android 5.1.1 includes new settings menu icons, “additional options” for WiFi and Bluetooth in the notification pull-down menu, new icons in the Settings menu, LinkedIn integrations for Calendar and Contacts, enhanced enterprise features of some kind, and more. As mentioned, the Camera has also been updated including improvements for focus, speed, and accuracy in “Superior Auto” mode.
Here’s the full change log:
– Improvements to volume and silent mode control, more control of your alerts, simplified and enhanced design – Integration of LinkedIn with your Calendar and Contacts – Camera focus, speed and accuracy improvements in Superior Auto mode – Many new features for Xperia in Business, enhancing enterprise support for Xperia – Now take pictures from the camera using Sony SmartWatch 3; use the SW3 as a remote shutter button – Instant calendar events – create & share smart events directly from any email – Calendar agenda in Email – no need to switch apps to check upcoming events – Richer Xperia themes – New Settings menu icons – Additional options for Wi-Fi and Bluetooth in notification menu
stagefright Stories August 25, 2015
Stagefright vulnerability fixes for HTC One M9 and M8 on AT&T now rolling out
Google may have promised to keep its Nexus devices updated once a month, and was one of the first to push fixes for the vulnerability in Stagefright, but that doesn’t mean owners of other phones will see such prompt updates. Today, weeks since Nexus devices were patched, AT&T’s HTC One M9 and M8 are receiving over-the-air updates to keep you safe when sending MMS messages.
You can find information about both the HTC One M9 update and that for the HTC One M8 over at AT&T’s website. The OTA for the M9 comes in at just 55.53 MB, while the M8 update is 28 MB. These are pretty tiny numbers for OTA updates, so you shouldn’t expect much more from this update than the patch for Stagefright. It goes without saying that it’s still important to update though.
Head over to the Settings app and mash that refresh button, or just wait until your device tells you that you’re ready to go.
stagefright Stories August 17, 2015
Verizon’s Samsung Galaxy S4 receives Stagefright patch, other fixes
Stagefright isn’t totally a solved issue just yet, but device manufacturers and carriers have continued work on rolling out a patch that mitigates the OS vulnerability until another one of Google’s monthly security updates. Today we get an update for Verizon’s version of the Samsung Galaxy S4 which includes that patch and then some.
The update, rolling out over-the-air (OTA) and first spotted by Android Police, includes nothing new at all but quite a few fixes for software bugs to go along with addressing the Stagefright vulnerability. Device carriers and manufacturers that make them have felt almost unanimously responsible for rolling out fixes for the issue due to its sheer potential for damage and ease of exploitation, to name just two reasons.
If you own a Samsung Galaxy S4 on Verizon, expect to receive a notification when the update hits your device, sometime within the next few days. You can also check for it manually by visiting Settings > About phone > System updates.
stagefright Stories August 14, 2015
Google and several of its manufacturer partners rushed to fix a vulnerability found within Android which could see malware installed through simply receiving an MMS message. Dubbed Stagefright, it was described as the worst vulnerability to be found since the dawn of the new Mobile OS era. According to one security firm, sadly, the patches being released by a number of Android OEMs aren’t enough to fully fix the vulnerability.
Sprint rolling out Stagefright vulnerability patch for HTC One M8
Like every other US carrier, Sprint has been working diligently to release a patch to the Stagefright vulnerability in Android to its lineup of phones, and today HTC One M8 owners get the fix.
The release notes for the update only list a “Patch for critical security vulnerability (‘Stagefright’)” as being included in this update, so don’t expect anything else.
Stagefright is a vulnerability spotted in Android’s default MMS behavior that makes delivering and executing code on an Android-powered smartphone as simple as delivering a rich text message. Android has the ability to fetch the contents of a message before the user even opens it (this functionality itself is called “Stagefright” in Android), and most messaging apps previously didn’t prevent this from happening because, why not? Pre-fetching contents would be ideal as it means the user doesn’t have to wait for something to download when they tap and open a message.
Unfortunately, however, it’s also an easy way for bad guys to gain control of your phone. Google’s default text messaging app on Android, Messages, as well as its Hangouts messaging app, have both received updates to solve this from happening. Other popular messaging apps have followed suite, but Google’s vulnerability patch means that more apps won’t need to do the same.
Since this is a carrier update it’s being rolled out in stages, so it could be a few days before you see it hit your device. You should receive a notification when it’s available, otherwise you can manually check by visiting Settings > About phone > System updates.